Bug 1012277 - xinetd corrupts input when reading service name
Summary: xinetd corrupts input when reading service name
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: xinetd
Version: 5.11
Hardware: All
OS: All
unspecified
medium
Target Milestone: rc
: ---
Assignee: Jan Synacek
QA Contact: qe-baseos-daemons
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-09-26 07:42 UTC by thomas.swan
Modified: 2013-11-08 11:23 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-11-08 11:23:05 UTC
Target Upstream Version:

Attachments (Terms of Use)
fix for svc_name read (2.14 KB, patch)
2013-09-26 07:42 UTC, thomas.swan 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Description thomas.swan 2013-09-26 07:42:06 UTC 
Created attachment 803258 [details]
fix for svc_name read

Description of problem:
xinetd can corrupt input and miss service names by reading to much if the input buffer fills too quickly.

Version-Release number of selected component (if applicable):
xinetd-2.3.15 and earlier releases

How reproducible:
always

Steps to Reproduce:
1. Enable tcpmux-server
2. Create a simple service

   service date
   {
      id = tcpmux-date
      disable = no
      user = nobody
      group = nobody
      socket_type = stream
      type = TCPMUXPLUS UNLISTED
      flags = NAMEINARGS
      server = /bin/uname
      server_args = uname
      wait = no
   }
3. Restart/reload xinetd
4. Send a larger than expected stream
   printf 'date\r\nsomething new\r\n' |
   nc localhost 1

Actual results:
1. If running a new xinetd, you would receive
   -Service name not found


Expected results:
1. If running a newer xinetd, you would have received
   +Go
   Linux
   {output from date}

Additional info:

This is a result of the read command before inspecting the service name.

There is an open pull requet to implement the rfc1078 help command and to address the service name issue upstream.

Fix for svc_name read is attached as a patch
Comment 1 Jan Synacek 2013-11-08 11:23:05 UTC 
Red Hat Enterprise Linux 5 has entered Production 2 phase. For more details see https://access.redhat.com/support/policy/updates/errata/. As this bug is not qualified as critical, it is closed as WONTFIX.
Note You need to log in before you can comment on or make changes to this bug.